CVE-2021-31798
First published: Thu Sep 02 2021(Updated: )
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CyberArk Credential Provider | <12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-31798.
What is the title of this vulnerability?
The title of this vulnerability is 'The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy'.
What is the severity level of CVE-2021-31798?
The severity level of CVE-2021-31798 is medium with a severity value of 4.4.
What software is affected by CVE-2021-31798?
CyberArk Credential Provider prior to version 12.1 is affected by CVE-2021-31798.
How can a local malicious user exploit CVE-2021-31798?
Under certain conditions, a local malicious user can obtain the plaintext of cache files encrypted by CyberArk Credential Provider prior to version 12.1.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cyberark
- canonical/cyberark credential provider